Outsourcing Policy

REGULATORY FRAMEWORK

This Outsourcing Policy is framed in accordance with:

  • RBI Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs.
  • RBI Master Direction – Non-Banking Financial Company – Investment and Credit Company (Reserve Bank) Directions.
  • RBI Guidelines on Digital Lending (as amended from time to time).
  • Applicable provisions of the RBI Act, 1934.

OBJECTIVE

This policy aims to ensure that outsourcing arrangements by the NBFC-ICC / Digital Lending NBFC:

  • Do not dilute regulatory compliance.
  • Do not impair customer protection.
  • Are supported by robust governance and risk management.

SCOPE & DEFINITION

Outsourcing refers to use of a third party to perform activities on a continuing basis which would otherwise be undertaken by the NBFC.

The Services that may be outsourced by the Company may generally include application processing (loan origination), document processing, marketing and research, supervision of loans, data processing and back office related activities etc. An indicative list of activities that may be considered for outsourcing shall be as under:

  • Sourcing/Lead Generation/Recommendation of prospective Borrowers
  • Collection of Loans from Borrowers/Defaulting Borrowers
  • Field Investigation, Risk Containment Unit
  • Verification of Documents, Fraud Control, Customer Profile, Credit checks
  • Managing Customer Queries
  • VMarketing of Company’s products
  • Recruitment, Selection and Training of Personnel
  • Background verification of personnel for employment
  • Administration of Payroll and Taxation
  • Technology infrastructure management, maintenance & support
  • Application development, maintenance and testing
  • Use of Courier Services, Travel Agents
  • Housekeeping and Maintenance Services
  • Legal Services

The above list is indicative and not exhaustive. The Company may outsource any activities other than those mentioned above which are permissible to be outsourced as per the RBI Guidelines.

ACTIVITIES THAT SHALL NOT BE OUTSOURCED:

As per RBI directions, the Company should not outsource its core management functions or activities including Strategic and Compliance functions and decision-making functions such as determining compliance with KYC norms for sanction for loans, Internal Audit. Further, Internal Audit function itself is a management process, the internal auditors can be on contract. However, the Company outsource this function within the group subject to compliance with instructions as provided in point 9 i.e. Outsourcing within a group.

DUE DILIGENCE OF SERVICE PROVIDERS / LSPS

Prior to outsourcing, the NBFC shall conduct due diligence of the Service Providers/LSPs which shall cover financial soundness and ownership, technical capability and data security framework, regulatory compliance capability, track record and reputation, adherence to RBI Digital Lending Guidelines and other relevant aspects.

ROLE OF THE BOARD AND SENIOR MANAGEMENT

Role of the Board:

The Board of the Company or Committee of the Board to which powers have been delegated shall be responsible inter alia for the following:

  • Approval of framework to evaluate the risks and materiality of all existing and prospective outsourcing and the policies that apply to such arrangements.
  • Laying down appropriate authorities for outsourcing depending on risks and materiality.
  • Setting up suitable administrative framework of senior management for the purpose of these directions.
  • Undertaking regular reviews of outsourcing strategies and arrangements for their continued relevance and safety and soundness.
  • Deciding on business activities of a material nature to be outsourced and approving of such arrangements.

Responsibilities of the Senior Management:

  • Evaluate the risks and materiality of all existing and prospective outsourcing, based on the framework approved by the Board.
  • Develop and implement sound and prudent outsourcing policies and procedures commensurate with the nature, scope and complexity of the outsourcing activity.
  • Review periodically the effectiveness of policies and procedures.
  • Communicate information pertaining to material outsourcing risks in the Board in a timely manner.
  • Ensure that contingency plans, based on realistic and probable disruptive scenarios, are in place and tested.
  • Ensure that there is independent review and audit for compliance with set policies.
  • Undertake periodic reviews of outsourcing arrangements to identify new material outsourcing risks as they arise.

OUTSOURCING AGREEMENTS

All outsourcing arrangements shall be executed only by way of a clearly defined and legally binding written agreement with each of the Service Provider and vetted by the Company’s Legal counsel on their legal effect and enforceability

The agreement shall be sufficiently flexible to allow the Company to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations

The agreement shall also bring out the nature of legal relationship between the parties - i.e., whether agent, principal or otherwise

Due care shall be taken to ensure that the Outsourcing Agreement:

  • clearly defines what activities are going to be outsourced, including appropriate service and performance levels.
  • to ensure that it has the ability to access all books, records and information relevant to the outsourced activity available with the service provider.
  • provides for mutual rights, obligations and responsibilities of the Company and the Service Provider including indemnity by the parties.
  • provides for the liability of the Service Provider to the Company for unsatisfactory performance/other breach of the contract.
  • provides for the continuous monitoring and assessment by the Company of the Service Provider so that any necessary corrective measures can be taken up immediately, i.e., the contract shall enable the Company to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations.
  • includes, where necessary, conditions of sub-contracting by the Service Provider, i.e. the contract shall provide for the prior approval/ consent by the Company of the use of subcontractors by the service provider for all or part of an outsourced activity.
  • has unambiguous confidentiality clauses to ensure protection of proprietary and customer data during the tenure of the contract and also after the expiry of the contract and service providers liability in case of breach of security and leakage of confidential customer related information shall be incorporated.

RESPONSIBILITIES OF DIRECT SALES AGENTS (DSA)/DIRECT MARKETING AGENTS (DMA)/RECOVERY AGENTS:

The Company shall ensure that DSA/DMA/Recovery Agents are properly trained to handle their responsibilities with care and sensitivity, particularly aspects such as soliciting customers, hours of calling, privacy of customer information and conveying the correct terms and conditions of the products on offer etc.

Recovery Agent shall adhere to extant instructions on Fair Practices Code of the Company as also their own code for collection of dues and repossession of security, it is essential that the Recovery Agents refrain from action that could damage the integrity and reputation of the Company and that they observe strict customer confidentiality.

The Company and their agents shall not resort to intimidation or harassment of any kind, either verbal or physical, against any person in their debt collection efforts, including acts intended to humiliate publicly or intrude the privacy of the debtors’ family members, referees and friends, making threatening and anonymous calls or making false and misleading representations.

LOANS SOURCED BY THE COMPANY OVER DIGITAL LENDING PLATFORMS:

In view of the of Banks and NBFCs engaging digital lending platforms to source borrowers and/or to recover dues, the RBI has issued circular on loans sourced by Banks and NBFCs over digital lending platforms: adherence to fair practices code and outsourcing directs that wherever the Company engages digital lending platforms as their agents to source borrowers and/ or to recover dues, they must follow the following instructions:

  • Names of digital lending platforms engaged as agents shall be disclosed on the website of the Company.
  • Digital lending platforms engaged as agents shall be directed to disclose upfront to the customer, the name of the Company on whose behalf they are interacting with him.
  • Immediately after sanction but before execution of the loan agreement, the sanction letter shall be issued to the borrower on the letter head of the Company.
  • A copy of the loan agreement along with a copy each of all enclosures quoted in the loan agreement shall be furnished to all borrowers at the time of sanction/ disbursement of loans.
  • Effective oversight and monitoring shall be ensured over the digital lending platforms engaged by the Company.
  • Adequate efforts shall be made towards creation of awareness about the grievance redressal mechanism.

MONITORING AND CONTROL OF OUTSOURCED ACTIVITIES:

The Company shall have in place a management structure to monitor and control its outsourcing activities.

MAINTENANCE OF RECORDS:

The records relating to all material activities outsourced shall be preserved centrally so that the same is readily accessible for review by the Board of the Company and / or its senior management, as and when needed. Such records shall be regularly updated and may also form part of the corporate governance review by the management of the Company.

REVIEW:

The policy shall be reviewed at regular intervals or as and when considered necessary by the management/ Board of Directors of the Company.

For more information, please contact us at info@khosyafinlease.com